Description

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.

Remediation

References

CVE-2013-2081

Related Vulnerabilities

WordPress Plugin User Profile Builder-Beautiful User Registration Forms, User Profiles & User Role Editor Security Bypass (2.3.5)

WordPress Plugin Watu Quiz Cross-Site Scripting (3.3.8.2)

WordPress Plugin Post to Twitter Cross-Site Request Forgery (0.7)

Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919)

phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20029)

Severity

Medium

Classification

CVE-2013-2081 CWE-264

Tags

Missing Update Known Vulnerabilities